A little surprising that its not encrypted but really its not that big a deal. Definitely a little scary for those with exchange accounts that end up listed there though.
I have always been very careful with installing root apps. I stick to known devs and or apps with lots positive feedback when it comes to root apps. If you go installing every root app under the sun then you are asking to get hit with something malicious.
I'm a little surprised that people didn't know that any "Remember my password" feature anywhere effectively stores passwords in plain text unless you enter a Master Password or similar. ("Keep me logged in" is somewhat different.) This isn't any more of an issue for Root users as normal users if there are active root exploits, since obviously a malicious app could then root an unrooted phone.
Such features trade security for convenience, so it's a design decision that can't really be made more secure. Effective encryption can only be used if the key is kept secret, which can't be done if your phone isn't asking you for a decryption key. Encrypting then storing the key in plaintext is completely pointless.
Even if passwords were securely stored, a malicious root app can install a rootkit. I won't go into specifics, but suffice to say at that point it's no longer "your" phone.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.